Professional Documents
Culture Documents
Lte-Epc Technology Essentials Workshopv2
Lte-Epc Technology Essentials Workshopv2
LTE-EPC WORKSHOP
LTE/EPC TECHNOLOGY ESSENTIALS
Fast Track
LTE Workshop
Introduction
This Workshop is a fast track Course to cover the basic architecture and functionalities of
the LTE-EPC from the Packet Core Perspective. The course is a little bit advanced and the
target Audience is requested to have a basic PS Foundations and Mobility Knowledge
as a prerequisite. The course will cover the LTE-EPC Architecture, Call flows, Mobility and
session management in addition to introductory slides for the EPS Security and LTE-DNS.
Author Information
Hussien Mahmoud
PS Core/ EPC Consultant
Packet Core Networks
Linkedin: https://eg.linkedin.com/in/hussienmahmoud
LTE Workshop
Overview.
LTE/EPC Network Architecture.
LTE/EPC Mobility and Session Management.
LTE/EPC Security and Authentication.
DNS Functionalities in LTE.
LTE/EPC Overview
Module One
LTE/EPC Overview
Adapt the user requirements for high speed data and efficient
quality.
2G GPRS Mobile Technology was the first step to provide data services over
the mobile networks.
3G Technology provides a higher data rates support with better integrity.
LTE has the biggest challenges to overcome over the later technologies
LTE/EPC Overview
LTE is compatible with the
current 2G/3G Network as it is
counted as the next step of 3G
HSPA Network.
LTE have been developed by the
same standard group of 2G/3G
(3gpp).
LTE/EPC Overview.
Flat Architecture: 2 nodes based IP interface architecture.
Flat network architecture are characterized by fewer network elements, lower
latency, greater flexibility and lower operation cost.
3GPP
R6
3GPP
R7
3GPP
R7 IHSPA
3GPP
R8
LTE
LTE/EPC Network
Architecture
Module Two
NAS
Relay
RRC
Control
Plan
S1-AP
PDCP
RRC
PDCP
S1-AP
SCTP
RLC
RLC
IP
IP
MAC
MAC
L2
L2
L1
L1
L1
L1
LTE-Uu
UE
SCTP
S1-MME
eNodeB
MME
Application
User
Plane
IP
IP
Relay
Relay
PDCP
GTP-U
GTP-U
GTP-U
PDCP
GTP-U
RLC
RLC
UDP/IP
UDP/IP
UDP/IP
UDP/IP
MAC
MAC
L2
L2
L2
L2
L1
L1
L1
L1
L1
L1
LTE-Uu
UE
S1-U
eNodeB
S5/S8
a
Serving GW
SGi
PDN GW
NAS
NAS
Relay
RRC
S1-AP
PDCP
RRC
PDCP
S1-AP
SCTP
RLC
RLC
IP
IP
MAC
MAC
L2
L2
L1
L1
L1
L1
UE
LTE-Uu
eNodeB
SCTP
S1-MME
MME
GTP-C
GTP-C
UDP
UDP
IP
IP
L2
L2
L1
L1
S11
MME
S-GW
GERAN
S3
S1-MME
S6a
MME
PCRF
S11
S10
LTE-Uu
UE
S12
Serving
Gateway
E-UTRAN
S5
Rx
Gx
S4
PDN
Gateway
S1-U
SGi
Operator's IP
Services
(e.g. IMS, PSS etc.)
UTRAN
SGSN
HSS
GERAN
S3
S1-MME
S6a
MME
PCRF
S11
S10
LTE-Uu
UE
S12
Serving
Gateway
E-UTRAN
Rx
Gx
S4
PDN
Gateway
S1-U
SGi
Operator's IP
Services
(e.g. IMS, PSS etc.)
PCRF
Gx
Rx
S6a
PDN
Gateway
HPLMN
VPLMN
S8
UTRAN
SGSN
GERAN
S12
S3
S1-MME
S4
MME
S11
S10
LTE - Uu
UE
Serving
Gateway
E-UTRAN
S1-U
SGi
Operators IP
Services
(e.g. IMS, PSS etc.)
H-PCRF
Rx
S6a
S9
HPLMN
VPLMN
Home
Operators IP
Services
UTRAN
SGSN
GERAN
S3
S4
S1-MME
V-PCRF
S12
MME
Gx
S11
S10
"LTE-Uu"
UE
Serving
Gateway
E-UTRAN
S1- U
S5
PDN SGi
Gateway
Visited Operator
PDN
S9
HPLMN
VPLMN
UTRAN
SGSN
GERAN
S3
V-PCRF
S4
S1-MME
S12
MME
Rx
Gx
S11
S10
LTE-Uu
UE
S5
Serving
Gateway
E-UTRAN
S1-U
SGi
PDN
Gateway
Visited
Operator's IP
Services
Agenda
MM and SM States
Introduction
Analogue between 2G/3G network and LTE networks
3G
LTE
GPRS attached
EMM Registered
Process
EPC Bearer
RAB
3G
LTE
GPRS attach
Attach+Default Bearer
MM and SM States
Introduction
MM and SM in LTE is serving the same purpose as in the previous 2G/3G
networks.
In LTE we have two states defined for each UE
EPS Mobility Management States (EMM).
EPS Session Management States (ESM).
ESM purpose is to keep track of the session assignment and data
handling
EMM purpose is to keep track of the user location and to keep the
wireless mobility to a high accuracy level.
MM and SM States
Introduction: EMM States
EMM De-registered
The MME doesnt have any information about the UE location at any
level.
The MME may hold an old information about the UE context.
Attach or TAU would change the status to a Registered EMM state.
EMM Registered
The MME hold the location information of the UE.
The Tracking Area is the min. Location information.
The UE would perform all the related EMM procedure such as the TRAU.
The UE can also request to send data or receive data.
MM and SM States
Introduction: ECM States
ECM IDLE
There is no context for the UE in the UTRAN
There is no signaling associated between the UTRAN and EPC
The Location is known up to the level of the Tracking area
Tracking area Updates
ECM Connected
There is a valid context for the UE
There is a signaling associated in the UTRAN (RRC) and signaling associated
in the EPC level (S1 bearer)
The location is known up to to the accuracy of cells
Cell handover
ECM Connected= RRC Connected + S1 Connection
LTE/EPC Technology Essentials- Fast Track
MM and SM States
Introduction: ECM States
The UE has two states RRC status and ECM status.
The E-UTRAN has only RRC status.
The MME has only ECM status
RRC connected is a pre-requests to ECM connected
MM and SM States
Introduction: RRC States
RRC IDLE
There is no RRC context stored in the EnodeB
There is no signaling associated between the EnodeB and UE
Cell selection and reselection
UE is ready for paging
UE receives system information
RRC Connected
There is an RRC context stored in the EnodeB
There is a signaling associated between the EnodeB and UE
Cell handover
UE can transmit and receive data
UE reports neighbor cell measurement
MM and SM States
State Diagram
Agenda
The purpose of the GUTI is to provide an unambiguous identification of the UE that does not
reveal the UE or the user's permanent identity in the Evolved Packet System (EPS).
It can be used by the network and the UE to establish the UE's identity during signalling between
them in the EPS.
Agenda
GBR bearer will usually also limit the resources for some services based on the
assigned bandwidth.
MBR: the maximum bit rate assigned for GBR Bearers.
AMBR: the total maximum bit rate (MBR) for all non-GBR bearers .
LTE/EPC Technology Essentials- Fast Track
UE
eNodeB
eNB
Radio Bearer
DL-TFT
DL-TFT S5/S8-TEID
S1-TEID S5/S8-TEID
Serving GW
S1 Bearer
S5/S8 Bearer
PDN GW
Agenda
4.
5.
6.
The UE sends the ATTACH REQUEST message (NAS) including old STMSI, old TAI and information about the allocated PDN (IP) addresses.
The eNB selects an available MME and forwards the message to it.
The first task of the MME is to identify and authenticate the subscriber.
Thus it contacts the old MME (identified via S-TMSI/TAI) with
IDENTIFICATION REQUEST (GTP-C).
Authentication vectors for the subscriber. (Flowchart shows direct
contact with HSS). The authentication mechanism is the same as in 3G.
the new MME can begin to update the HSS and download the
subscription data from there
During this process the HSS will also force the old MME to clear the
stored data about the subscriber using the Diameter operation CANCEL
LOCATION.
LTE/EPC Technology Essentials- Fast Track
3.
4.
5.
Based on the subscription data the new MME must decide whether a
default bearer has to be created or not.
The default access point name (default APN) assists the MME in selection
of an appropriate SAE GW. To this serving gateway the CREATE
DEFAULT BEARER REQUEST message (GTP-C) is sent to.
The SAE GW will now create the S5/S8 tunnel. This is done with the
same message, but sent to the PDN GW.
When the EPC resources for the default bearer are prepared, the new
MME can give the ATTACH ACCEPT message to eNB.
The S1-AP message which will contain this one will hold the tunnel
endpoint identifier allocated by the SAE GW for S1 interface.
The eNB creates the radio bearer for the default SAE bearer and
returns ATTACH COMPLETE to the MME.
8. The S1-AP message this one is in will hold the TEID allocated by the eNB
for S1 interface.
9. Via an UPDATE BEARER procedure the MME will give this parameter to
the SAE GW.
10. Now the default SAE bearer is complete and the UE is in state
EMM_REGISTERED and ECM_CONNECTED.
Agenda
Detach Procedures
UE Initiated Detach
The transition to EMM_DEREGISTERED state is achieved by the NAS detach
procedure.
The procedure consists of:
DETACH REQUEST / DETACH ACCEPT procedure between UE and MME.
the DELETE BEARER procedure between MME and SAE GW and PDN
GW.
S1 RELEASE procedure between MME and eNB deletes all radio
resources.
Detach Procedures Can be triggered by three Parties:
1. UE
2. MME
3. HSS
LTE/EPC Technology Essentials- Fast Track
Detach Procedures
UE Initiated Detach
Detach Procedures
UE Initiated Detach
UE NAS Detach Request
Detach Procedures
UE Initiated Detach
Signaling Connection Release ( Context Release)
Detach Procedures
MME Initiated Detach
The transition to EMM_DEREGISTERED state is achieved by the NAS
detach procedure.
The procedure consists :
1.
2.
3.
Detach Procedures
MME Initiated Detach
Detach Procedures
HSS Initiated Detach
Agenda
The external data network triggers the request for a new IP connectivity
bearer (SAE bearer) via the PCRF connected to the PDN gateway that
owns the default SAE bearer of this user. This is sent in form of a policy
and charging control (PCC) decision from PCRF to PDN GW.
2.
The PDN GW first of all uses GTP-C CREATE DEDICATED BEARER REQUEST
to setup the tunnel between PDN GW and SAE GW.
3.
The SAE GW allocates the resources for the S5/S8 tunnel and forwards
an associated request to the MME for the S1 tunnel.
4.
If the UE receives such a paging it will respond with the SERVICE REQUEST
procedure. in the following the default SAE bearer will be re-established.
6.
7.
Agenda
2.
3.
4.
5.
6.
The UE sends the NAS message SERVICE REQUEST uplink via eNB to the
MME. If there are multiple MME connected to the eNB it is the task of the
eNB to select the right MME (the one the UE is registered with) from S-TMSI
and TAI.
The MME can now start authentication if required.
the MME start to re-establish the radio bearer and S1 tunnels for the active
SAE bearers of the UE.
MME sends the S1-AP message INITIAL CONTEXT SETUP REQUEST to the
eNB. This message contains the still active tunnel endpoint identifiers from
SAE GW and request the eNB to create new radio bearers.
eNB returns INITIAL CONTEXT SETUP RESPONSE in which it indicates its own
tunnel endpoint identifiers for S1 interface.
These TEIDs of the eNB are now forwarded to the SAE GW with GTP-C
UPDATE BEARER REQUEST. This completes the transition of the UE to
LTE_ACTIVE.
LTE/EPC Technology Essentials- Fast Track
The eNB send the message S1 RELEASE REQUEST (S1-AP) to the MME to
request the release of all EUTRAN resources for a UE.
2.
When the MME gets a trigger to release the UE from EUTRAN, it will
release the S1 tunnels allocated for the SAE bearers of the UE. This is
done by sending an UPDATE BEARER REQUEST message (GTP-C) to the
SAE GW.
3.
In parallel to the previous step the MME will send the S1-AP message
S1 RELEASE COMMAND to the eNB. It will trigger the release of the UE
on the air interface with message RRC CONNECTION RELEASE (RRC).
4.
This will bring the UE to RRC_IDLE state and with that also to LTE_IDLE
state. The UE acknowledges with RRC CONNECTION RELEASE ACK.
LTE/EPC Technology Essentials- Fast Track
Agenda
eNB
new
MME
old
MME
New
SGW
old
SGW
mobility/context data
authentication challenge
Authentication Response
Authentication response
Context Acknowledge
S-TMSI/IMSI,old TAI
Create Bearer Request
IMSI, bearer contexts
LTE/EPC
Technology
Essentials- Fast TrackUpdate Bearer Response
Create
Bearer Response
new SGW-S1 IP/TEID
PDN GW IP/TEID
PDN
Gatew
ay
HSS
Also simultaneously with the previous steps the MME will update the HSS.
During this the HSS will cancel the subscriber record in the old MME. The
old MME will of course also delete the old tunnels in the old SAE GW.
10. At the end the UE gets a NAS message TRACKING AREA UPDATE ACCEPT.
In it a new S-TMSI and new tracking area (or tracking area list) can be
contained.
11. The UE has to acknowledge with TRACKING AREA UPDATE COMPLETE.
eNB
new
MME
New
SGW
old
MME
old
SGW
Update Location
new MME identity, IMSI,
Cancel Location
IMSI, cancellation type = update
Cancel Location Ack
Delete Bearer Request
TEID
Delete Bearer Response
Update Location Ack
Tracking Area Update Accept
new S-TMSI, TA/TA-list
Tracking Area Update Complete
PDN
Gatew
ay
HSS
Agenda
LTE/EPC Handover
Introduction
UE is in ECM_Connected state.
UE sends measurements and reports to the eNB to assist in the handover
decision.
Downlink Packets are forwarded from the source cell to the target cell.
Target cell is selected by the network, not by the UE.
Handover control in E-UTRAN (not in packet core), Only once the
handover is successful, the packet core is involved.
LTE/EPC Handover
X2 Based Handover
UE
source
eNB
target
eNB
DL Packet Data
MME
Serving
Gateway
(SGW)
LTE/EPC Handover
X2 Based Handover
UE
source
eNB
MME
target
eNB
Serving
Gateway
(SGW)
Synchronization
UL Allocation + timing advance
S1AP: Handover Complete
Path Switch Request
Packet Data
DL Packet Data
Packet Data
LTE/EPC Handover
X2 Based Handover
X2-based Handover Handover Request
LTE/EPC Security
And Authentication
Module Four
HSS Generated
K
SEQ
XRES
AUTN
RAND
CK
IK
Kasme
UE
MME
HSS
RES(i)
DNS Functionalities
in LTE
Module Five
AAA Records
AAAA stands for IPv6 record lookup.
Map Host names to IPs.
NAPTR Reply
the next lookup is an SRV records (The "S" Flag ).
the next lookup is A, AAAA records. i.e. IP record (The "A" Flag).
more NAPTR RR lookups are to be performed ( empty flag " ").
LTE/EPC Technology Essentials- Fast Track
Thanks
Fast Track